DRAFT Microconsulting Work Statement – License and Entitlement Management
This is a draft microconsulting work statement. Please provide feedback for the below content in the comments below or directly to michael.frank@va.gov or juan.quinones@va.gov. Please indicate your intent to respond and your company's socioeconomic status under NAICS 541512/$27.5M. Feedback due by COB Wednsday, October 24, 2018.
Background
As the Department of Veterans Affairs (VA) develops core governance for managing its Application Programming Interface (API) capability, a key component is asset management of core technology licenses. If we cannot manage the assignment of licenses efficiently or effectively, the API capability will be at risk of negative impact.
VA sees License Management and Entitlement Management as distinctive, yet related needs:
License Management deals with the quantity and types of licensed software from the perspective of VA's use of 3rd Party products (e.g. Anypoint, 3Scale, Kong).
Entitlement Management ensures that software is configured and delivered in accordance with key provisions of the software license.
In addition, these needs can extend to parties outside VA utilizing services and data VA exposes to those parties.
The Play
A License Management and Entitlement Management governance processes in the context of federated, API Gateway Platforms from multiple vendors would benefit VA so that the licenses can be managed, controlled, monitored for compliance and in line with VA needs. We need better insight into what is needed for sizing licenses, how requests should be submitted, and governance processes for allocating and controlling licenses.
VA is looking for specific guidance to implement License Management and Entitlement Management governance to include practices and policies within the following contexts:
VA as a consumer of 3rd Party products.
VA as a supplier to outside organizations of VA services and data.
VA must ensure compliance for all uses of 3rd Party products pertaining to API Gateways and Frameworks that exist in a federated environment.
In addition, VA must understand how License Management and Entitlement Management extend contractual relationships to outside parties using VA services and data.
License Management: How to ensure compliance of VA's consumption of 3rd Party products in terms of constraints on licenses, including Maximum Users, Maximum, Nodes or Cores, Maximum MIPS.
Entitlement Management: How to enforce fine-grained access related to Authorizations, Privileges, Access Rights, Permissions and Rules.
Address how VA can discover and monitor usage of services, access, or data by outside parties so VA can understand how License Management and Entitlement Management extend to VA's relationships with outside parties.
Consider how License Management and Entitlement Management in the private sector support monetization, and if those same principles can be leveraged within Government sector for tangible benefit to Veterans.
Consider the pieces of governance that can be separated as vendor agnostic vs. those pieces that would require vendor specific guidance.
Deliverables shall be submitted to VA's GitHub Repo.
Time Box
VA anticipates a 4-week iteration to be sufficient.
Vendors may propose alternate time frame for VA's consideration.
Disclaimer
To avoid potential conflicts of interest, the Contractor will not be provided any non-public information to develop the deliverables. Additionally, all deliverables will be made publicly available in the VA GitHub repository.
In performance of this effort, the contractor shall not perform a function that requires access to a VA system or VA sensitive information (e.g., system administrator privileged access to a VA system, or contractor systems or processes that utilize VA sensitive information). Additionally, the contractor shall not connect one or more contractor-owned IT devices to a VA internal trusted network. Finally, this acquisition does not involve the storage, generating, transmitting, or exchanging of VA sensitive information.
Evaluation
Vendor shall describe how they will complete the deliverables and provide a fixed price for the entire work effort. VA's micropurchase authority is $10,000 or less.
Government will determine which proposal is most beneficial to the Government.
Submissions shall be made to the following email addresses by TBD.
Juan.Quinones@va.gov
Michael.Frank@va.gov
Purchase Order Clauses
FAR 52.204-13 System for Award Management Maintenance (OCT 2016)
FAR 52.227-14 Alternate IV Rights in Data—General (DEC 2007)
FAR 52.232-33 Payment by Electronic Funds Transfer—System for Award Management (JUL 2013)
FAR 52.232-39 Unenforceability of Unauthorized Obligations (JUN 2013)
VAAR 852.232-72 Electronic submission of payment requests. (NOV 2012)
DRAFT Microconsulting Work Statement – License and Entitlement Management
This is a draft microconsulting work statement. Please provide feedback for the below content in the comments below or directly to michael.frank@va.gov or juan.quinones@va.gov. Please indicate your intent to respond and your company's socioeconomic status under NAICS 541512/$27.5M. Feedback due by COB Wednsday, October 24, 2018.
Background
As the Department of Veterans Affairs (VA) develops core governance for managing its Application Programming Interface (API) capability, a key component is asset management of core technology licenses. If we cannot manage the assignment of licenses efficiently or effectively, the API capability will be at risk of negative impact.
VA sees License Management and Entitlement Management as distinctive, yet related needs:
License Management deals with the quantity and types of licensed software from the perspective of VA's use of 3rd Party products (e.g. Anypoint, 3Scale, Kong).
Entitlement Management ensures that software is configured and delivered in accordance with key provisions of the software license.
In addition, these needs can extend to parties outside VA utilizing services and data VA exposes to those parties.
The Play
A License Management and Entitlement Management governance processes in the context of federated, API Gateway Platforms from multiple vendors would benefit VA so that the licenses can be managed, controlled, monitored for compliance and in line with VA needs. We need better insight into what is needed for sizing licenses, how requests should be submitted, and governance processes for allocating and controlling licenses.
VA is looking for specific guidance to implement License Management and Entitlement Management governance to include practices and policies within the following contexts:
VA must ensure compliance for all uses of 3rd Party products pertaining to API Gateways and Frameworks that exist in a federated environment.
In addition, VA must understand how License Management and Entitlement Management extend contractual relationships to outside parties using VA services and data.
Deliverables
Provide a position outline (no more than 2 pages) that would describe how the following information can be delivered as content guidance to VA's API Playbook https://github.com/department-of-veterans-affairs/ES-ASG/wiki.
License Management: How to ensure compliance of VA's consumption of 3rd Party products in terms of constraints on licenses, including Maximum Users, Maximum, Nodes or Cores, Maximum MIPS.
Entitlement Management: How to enforce fine-grained access related to Authorizations, Privileges, Access Rights, Permissions and Rules.
Address how VA can discover and monitor usage of services, access, or data by outside parties so VA can understand how License Management and Entitlement Management extend to VA's relationships with outside parties.
Consider how License Management and Entitlement Management in the private sector support monetization, and if those same principles can be leveraged within Government sector for tangible benefit to Veterans.
Consider the pieces of governance that can be separated as vendor agnostic vs. those pieces that would require vendor specific guidance.
Deliverables shall be submitted to VA's GitHub Repo.
Time Box
VA anticipates a 4-week iteration to be sufficient.
Vendors may propose alternate time frame for VA's consideration.
Disclaimer
To avoid potential conflicts of interest, the Contractor will not be provided any non-public information to develop the deliverables. Additionally, all deliverables will be made publicly available in the VA GitHub repository.
In performance of this effort, the contractor shall not perform a function that requires access to a VA system or VA sensitive information (e.g., system administrator privileged access to a VA system, or contractor systems or processes that utilize VA sensitive information). Additionally, the contractor shall not connect one or more contractor-owned IT devices to a VA internal trusted network. Finally, this acquisition does not involve the storage, generating, transmitting, or exchanging of VA sensitive information.
Evaluation
Purchase Order Clauses